CIO Cyber & Risk Network May 2021
On the Cyber & Risk Network May call, the CIOs spoke about:
1. Ransomware concerns with their suppliers. This topic was split between the suppliers being targeted themselves, and the resulting business impact to their customers; but also the use of third parties as a vector of attack against their customers.
2. Increasing their focus on backup and recovery as part of a drive to become more resilient.
3. What factors may lower cyber insurance premiums, and the increasing intrusiveness of both cyber insurers and auditors.
4. Various experiences with 3rd party Security Operations Centres (SOCs). One CIO shared that their 3rd party SOC was demonstrably not actually taking information from their environment and had reported no AD Account creations in the last month, while the CIO knew that was not the case.
5. A few of the CIOs noted the steady shift from broad-sweep phishing attacks to increasingly targeted spear phishing.
- Expel is a SOC that actually has happy customers.
- The Commonwealth Department of Industry, Science, Energy and Resources has developed a cyber security self assessment tool, which may be useful for smaller suppliers: Cyber Security Assessment Tool.
James recently wrote a piece, 'Recent FBI intervention on compromised Exchange servers is a bad sign for taxpayers everywhere'.